CVE-2017-7925

Published May 6, 2017

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-522
ics-cert@hq.dhs.gov: CWE-260

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0424BCE7-4A55-4D30-97CB-37AFCDD5688D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw23a0rn-zs:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E726BD6A-A7FA-45AC-867B-6BD0EC59A3A2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw13a0sn_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EC38F14-5327-4B0B-B1C6-9E4209CD6B1E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw13a0sn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "702164AC-DF8D-4929-AB36-9B57F26FFAA4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8CCBCC8-CFCC-4A58-A696-34CADA02CD54"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw1xxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "90E0A454-1155-4AEE-AC50-D786D1381248"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DD0D587-30A2-4EAA-8A54-13D59A7521B8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw2xxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "73D5FE44-6E68-4EFE-A5EA-41CB6F89260F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04E4FEB2-C460-478D-B716-7DD28B2237DD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw4xxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "70D258A3-BE73-4F6C-8056-06D728466D37"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw1xxx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C73CD7AB-3473-4F31-A16A-B2ACC1E5115A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw1xxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "48D8AD60-2A49-4A41-A450-8E605DCAB937"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw2xxx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12C9A4E4-8637-4B38-81FC-2A9B5BB694FB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw2xxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DF98B8DF-C3FA-4AC4-94B0-F25F2259EE77"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw4xxx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E439A7FB-1880-449A-8163-354B1919F5F1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw4xxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "22CB4C66-9F55-42FE-A7CC-6B07D190BD66"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-sd6cxx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1E29C82-D1B0-49BA-8BF3-BEFA1F1CE565"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-sd6cxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4835E073-E3BE-4400-964F-DCAD78CCBF57"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-nvr1xxx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64C5DE2D-C012-4654-9D52-C2221CA0B1A9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-nvr1xxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2BA0D45E-E01F-469F-A50C-49497AD060C7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-hcvr4xxx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D801AC9C-5EB2-415F-915F-1633E0679F40"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:ddh-hcvr4xxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "30960189-9488-4047-A5EA-427C54E462FD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dh-hcvr5xxx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CC32657-CFB0-4500-858C-7A32E59C555F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dh-hcvr5xxx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B89DF4CA-78CA-404E-8B8D-042CAC45C0C8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a04he-s3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FAA72C3-5743-48EE-9CB1-0D4E9BAF1722"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a04he-s3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF321A00-A2B6-4D5F-99D7-C654B3247F81"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a08he-s3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C059F7B-6951-44FE-B970-C629556FB114"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a08he-s3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1A37D238-2574-4277-8135-06D5C46D4517"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:dhi-hcvr58a32s-s2_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7B958A3-8CA0-44F9-ACA6-941513AEA6AE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:dhi-hcvr58a32s-s2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9F0AB530-EDF8-4711-BE0F-A61D4FC19212"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References